Re: [PATCH v2 1/3] x86/bugs: Only harden syscalls when needed

From: Nikolay Borisov
Date: Mon Apr 15 2024 - 11:27:36 EST

Next message: Mike Rapoport: "Re: [PATCH] memblock: add no-map alloc functions"
Previous message: Pratyush Yadav: "Re: [PATCH v1 1/6] mtd: spi-nor: Remove support for Xilinx S3AN flashes"
In reply to: Linus Torvalds: "Re: [PATCH v2 1/3] x86/bugs: Only harden syscalls when needed"
Next in thread: Linus Torvalds: "Re: [PATCH v2 1/3] x86/bugs: Only harden syscalls when needed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15.04.24 г. 18:16 ч., Linus Torvalds wrote:

On Mon, 15 Apr 2024 at 00:37, Nikolay Borisov <nik.borisov@xxxxxxxx> wrote:

To ask again, what do we gain by having this syscall hardening at the
same time as the always on BHB scrubbing sequence?

What happens the next time some indirect call problem comes up?

Same as with every issue - assess the problem and develop fixes. Let's be honest, the indirect branches in the syscall handler aren't the biggest problem, it's the stacked LSMs. And even if those get fixes chances are the security people will likely find some other avenue of attack, I think even now the attack is somewhat hard to pull off.

So in any case this could have been a completely independent patch of the BHI series.

If we had had *one* hardware bug in this area, that would be one
thing. But this has been going on for a decade now.

Linus

Next message: Mike Rapoport: "Re: [PATCH] memblock: add no-map alloc functions"
Previous message: Pratyush Yadav: "Re: [PATCH v1 1/6] mtd: spi-nor: Remove support for Xilinx S3AN flashes"
In reply to: Linus Torvalds: "Re: [PATCH v2 1/3] x86/bugs: Only harden syscalls when needed"
Next in thread: Linus Torvalds: "Re: [PATCH v2 1/3] x86/bugs: Only harden syscalls when needed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]